Apple issues iOS security updates for jailbreak flaws

Apple has released two security updates to address flaws in iOS including a vulnerability which was recently used to perform automatic 'jailbreak' hacks.

The company issued the iOS 4.3.4 update on Friday along with an iOS 4.2.9 security fix for older models.

The iOS update fixes two flaws in the CoreGraphics component which could allow a third party to use a malformed PDF file to access the device and remotely install code.

The vulnerability drew headlines earlier this month when researchers used one of the flaws to set up an automatic 'jailbreak' site which allowed iPad and iPhone owners to remove protections on the device and run software not authorised by Apple.

The flaw had been exploited only for voluntary jailbreaks which could be reversed with a software restore, but security researchers were worried that malware writers could use the vulnerability to install malware on iOS devices.

Also addressed in the update is an elevation of privilege vulnerability in the IOMobileFrameBuffer component. Apple warned that, if exploited, the vulnerability could allow malicious code to access the device running with the privileges of the user.

The updates can be obtained by connecting the iOS device to a PC or Mac running iTunes.

Apple's update comes at the end of a busy week for security fixes. Microsoft issued a monthly update to address 22 security vulnerabilities on Tuesday, and RIM released a fix for the BlackBerry Enterprise Server platform later in the week No BlackBerry smartphones or tablets were affected by that update.